Inter-site Replication

By Brien M. Posey | Oct 8, 2000
http://www.enterprisenetworkingplanet.com/netsysm/article.php/624411/Intersite-Replication.htm

In Part 1 of this series, Using Sites in Windows 2000, I discuss how breaking your Active Directory into sites can help reduce the amount of traffic on your low-speed network links by regulating how often Active Directory information is replicated. In this article, I'll continue the discussion with a look at configuring inter-site replication. As I do, I'll discuss some of the issues you'll face, such as site link costs and the various replication protocols that can be used by site links.

Before I get into discussing site links, it's important to understand the purpose of dividing your network into sites. Without a clear understanding of this, it's impossible to optimize your network's performance. Dividing a network into sites eases the network traffic flowing across slow WAN links. Active Directory servers in the same site replicate information with each other frequently, whereas servers in different sites replicate information much less often. The less replication traffic that flows across your WAN links, the more bandwidth is available for other types of network traffic.

With that said, it's important to point out that simply breaking a network into sites isn't enough. Sites won't replicate anything unless you tell them to. You do so through a site link. The site link is the component that tells Windows 2000 which sites to share replication information with.

Exchange 5.x Replication

As you may know, the Windows 2000 Active Directory is very closely related to the directory service found in Exchange 5.x. However, replication is one area in which the two products' directories function differently. Exchange requires a site connector (or an X.400 connector) to make sites aware of each other. Once the sites are linked by a site connector, you must add a directory replication connector to make the linked sites replicate directory information. In Windows 2000, all these tasks are controlled by a single module: the site link.

When you create each site on your network, Windows 2000 connects the site to a default site link called DEFAULTIPSITELINK, unless you tell it otherwise. This site link uses the IP protocol to join all the sites in your network. However, simply using the default site link may not be your best option, particularly on networks that have redundant connections. Regardless of your situation, it's almost always more effective to use a custom site link than to use the default.

The process of creating a custom site link has five basic steps:

  1. Create the site link.
  2. Configure the site link's associated attributes.
  3. Create site link bridges.
  4. Configure connection objects. (This step is optional.)
  5. Designate a preferred bridgehead server. (This step is optional.)

Let's examine each of these steps.

Step 1: Create the Site Link

To create your initial site link, load the AD Sites and Services snap-in for Microsoft Management Console (MMC) by selecting Start|Programs|Administrative Tools|Active Directory Sites and Services. You must now decide which replication protocol you intend to use: IP or SMTP.

As the name implies, IP replication uses the IP protocol to replicate Active Directory information within sites and between them. It's the preferred replication protocol in most situations. By default, IP replication is subject to any replication schedules that you set up, although you can tell it to ignore the schedules.

SMTP replication, on the other hand, is used only to replicate information between sites. SMTP replication typically uses an asynchronous connection (dial-up) and therefore ignores any set replication schedules because of the lack of a permanent connection. Unlike IP-based replication, SMTP-based replication requires a digital certificate from a valid certificate authority to verify the authenticity of the Active Directory updates that are being replicated. If you need information on setting up a certificate authority, check out my article series on setting up a certificate server (Why set up a certificate server?).

Because IP is generally the replication protocol of choice, I'll be using IP in my examples. Once the Active Directory Sites and Services snap-in is loaded, navigate through the hierarchy to Active Directory Sites and Services|Sites|Inter-Site Transports|IP. Right-click on the IP folder (use the SMTP folder if you're setting up an SMTP-based site link), and select New Site Link from the context menu.

At this point, you'll see a dialog box that asks you which sites will be used with the new site link. Select the involved sites and click Add. When you do, the sites will be moved to the Sites In This Link column, as shown in Figure 1. As the figure shows, you must also specify a name for the site link. Click OK to create the link.

Figure 1: Site links must be associated with at least two sites.

Step 2: Configure the Site Link's Associated Attributes

Once you've created a site link, you'll need to configure several attributes for the site link. These attributes include things like the replication schedule and the link cost. To set the attributes for the site link, navigate through the Active Directory Sites and Services snap-in to Active Directory Sites and Services|Sites|Inter-Site Transports|IP. Your newly created site link will appear in the column on the right, as shown in Figure 2. Right-click on the site link and select Properties from the context menu. When you do, you'll see a site link properties sheet similar to the one shown in Figure 3.

Figure 2: The IP folder contains your newly created site link.

Figure 3: The site link's properties sheet allows you to set the site link's attributes.

As you can see, the properties sheet allows you to set various attributes for the site link. You can add and remove sites from the site link with the click of a mouse. Another field lets you enter a description of the link. However, toward the bottom of the window is a Cost setting that you may not be familiar with.

Financial Cost

It may seem strange to use the name Cost when you're talking about bandwidth. However, you can use it for financial purposes. Some providers still charge a per-packet fee for the use of various types of leased lines. If your network includes such lines, you could base the Cost setting on the actual financial cost of using each connection rather than basing it on connection speed.

As the name implies, the Cost setting lets you associate a specific cost with the site link. However, this isn't usually a cost in terms of dollars, but bandwidth. The Cost setting comes into play when you have redundant physical network links between sites. For example, suppose your normal connection was through a T-3 line. Now, suppose you had an SMTP-based site link bound to a dial-up ISDN connection. Needless to say, you'd probably want all your traffic to flow through the T-3 line because of its high speed. Therefore, you'd set a very low cost to the T-3 line and a higher cost to the ISDN line. Because Windows 2000 always uses the link with the lowest cost, the T-3 line would always be used unless it was unavailable, in which case Windows 2000 would use the link with the next lowest cost--in this case, the ISDN connection.


Another attribute you can alter through the site link's properties sheet is the replication schedule. As you can see in Figure 3, the properties sheet contains a setting that allows you to control how many minutes pass between each replication cycle. The amount of time you set is entirely up to you. Typically, you should base the amount of time used for the replication cycle on two factors: the impact replication traffic has on your physical network link between the sites, and how often users in each site need Active Directory updates from the other site.

If you like, you can even get a little more creative with the replication schedule by clicking the Change Schedule button. When you do, you'll see the window shown in Figure 4. As you can see, this window allows you to enable or disable replication based on the day of the week and the time of day. For example, if 9:00 AM on weekdays tends to be the time when your WAN links have the highest traffic volume, you might disable replication during that period.

Figure 4: You can enable or disable replication based on the day of the week and the time of day.
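Steps 1 and 2 can also be scripted. The following is an added example, not part of the original article: it uses the ActiveDirectory PowerShell module from later Windows Server releases (PowerShell is not part of Windows 2000) to create an IP site link with a cost, a replication interval, and a schedule that blocks the 9:00 AM weekday hour. The site names, link name, cost of 10, and 180-minute interval are assumptions chosen for illustration.

```powershell
# Added example (not from the original article). Requires the ActiveDirectory
# PowerShell module and rights to modify the Sites container.
# Site names, link name, cost and interval below are hypothetical.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$linkName = 'HQ-Branch-T3'      # hypothetical site link name
$sites    = 'HQ', 'Branch'      # hypothetical sites; a link needs at least two

# Weekly schedule grid indexed as [day, hour, quarter-hour], day 0 = Sunday.
# Allow replication in every slot except the 9:00 hour on Monday-Friday.
$raw = New-Object 'bool[,,]' 7, 24, 4
foreach ($day in 0..6) {
    foreach ($hour in 0..23) {
        $blocked = ($day -ge 1 -and $day -le 5 -and $hour -eq 9)
        foreach ($quarter in 0..3) {
            $raw[$day, $hour, $quarter] = -not $blocked
        }
    }
}
$schedule = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$schedule.RawSchedule = $raw

# Step 1 and Step 2 in one call: create the IP site link, give it a low cost
# so it is the preferred path, and set the interval between replication cycles.
New-ADReplicationSiteLink -Name $linkName -SitesIncluded $sites `
    -InterSiteTransportProtocol IP -Cost 10 `
    -ReplicationFrequencyInMinutes 180 -ReplicationSchedule $schedule

# Read back every site link, lowest cost first, to confirm which link is
# preferred where redundant links exist and which transport each one uses.
Get-ADReplicationSiteLink -Filter * |
    Sort-Object Cost |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, InterSiteTransportProtocol
```

The read-back at the end is also a quick way to spot sites that are still joined only by DEFAULTIPSITELINK.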

Conclusion

As you can see, Active Directory replication is almost a science in itself. So far, I've covered only the first two items on my five-step list for configuring Active Directory replication. I'll begin discussing the concept of creating Site Link Bridges in Part 3 of this article series (Building Site Link Bridges).

Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the director of information systems for a national chain of health care facilities and as a network engineer for the Department of Defense. Because of the extremely high volume of e-mail that Brien receives, it's impossible for him to respond to every message, although he does read them all.